Neural network black box aggressive defense method based on knowledge distillation

A neural network and black-box technology, applied in the field of neural network black-box attack defense based on knowledge distillation, solves the problem of high computational complexity and achieves robust adversarial training and good defense.

Active Publication Date: 2020-04-17
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] In view of the above-mentioned deficiencies in the prior art, the neural network black-box attack defense method based on knowledge distillation provided by the present invention solves the problem of high computational complexity caused by the multiple queries required by traditional methods.


Embodiment Construction

[0017] The specific embodiments of the present invention are described below so that those skilled in the art can understand the present invention, but it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, various changes within the spirit and scope of the present invention defined by the appended claims are obvious, and all inventions and creations using the concept of the present invention are included in the scope of protection.

[0018] Knowledge distillation is an information extraction method based on neural networks, and it is also an effective network compression method. A teacher network is generated by ensembling or large-scale training, and then the output labels of the teacher network are softened to increase the difference, that is, the amount of information carried between categories, which makes the labels more compatible with different model classification tasks.

[0...


Abstract

The invention discloses a neural network black-box attack defense method based on knowledge distillation, and the method comprises the steps: selecting a plurality of sub-networks to construct a teacher network, softening the input vectors of the softmax layers of all sub-networks, and then reloading the model parameters of the sub-networks for training to obtain new sub-networks; obtaining the prediction label of each sub-network, and taking the average or weighted average of all prediction labels as the soft label; inputting the ImageNet data set into a student network, and guiding student network training with the soft label, the data set hard label and the black-box model's own label to obtain a substitute model; adopting a white-box attack algorithm to attack the substitute model to generate an adversarial sample sequence, using the adversarial sample sequence to attack the black-box model, and selecting the adversarial samples in the sequence that attack successfully; and adding the successful adversarial samples into the training set of the black-box model, and performing adversarial training with the updated training set to generate a black-box model with attack defense.
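The distillation steps in the abstract (temperature-softening the softmax inputs of each teacher sub-network, averaging or weighted-averaging their predictions into one soft label, and training the student against the soft label, the data set hard label and the black-box model's label at once) worked through as an added example; this is not the patent's own code, and the temperature, the weights and the three-term loss form are assumptions chosen to illustrate the method:

```python
import math

def soften(logits, temperature):
    """Temperature-scaled softmax: the softmax inputs are divided by T before
    normalising, which spreads probability mass over non-target classes."""
    scaled = [z / temperature for z in logits]
    m = max(scaled)                      # subtract the max for numerical stability
    exps = [math.exp(s - m) for s in scaled]
    total = sum(exps)
    return [e / total for e in exps]

def soft_label(sub_network_logits, temperature, weights=None):
    """Combine the softened outputs of all teacher sub-networks into one soft label.
    weights=None gives a plain average; otherwise a weighted average (weights sum to 1)."""
    n = len(sub_network_logits)
    if weights is None:
        weights = [1.0 / n] * n
    assert abs(sum(weights) - 1.0) < 1e-9, "weights must sum to 1"
    probs = [soften(z, temperature) for z in sub_network_logits]
    num_classes = len(probs[0])
    return [sum(w * p[c] for w, p in zip(weights, probs)) for c in range(num_classes)]

def student_loss(student_logits, soft, hard_index, blackbox_index,
                 temperature, w_soft=0.5, w_hard=0.25, w_bb=0.25):
    """Assumed three-term student objective (not the patent's exact formula):
    w_soft * T^2 * KL(soft || student@T)   - knowledge from the teacher ensemble
    + w_hard * CE(data-set hard label)      - ground truth of the training set
    + w_bb   * CE(black-box model's label)  - makes the student mimic the black box."""
    p_t = soften(student_logits, temperature)
    kl = sum(q * math.log(q / p) for q, p in zip(soft, p_t) if q > 0)
    p_1 = soften(student_logits, 1.0)
    ce_hard = -math.log(p_1[hard_index])
    ce_bb = -math.log(p_1[blackbox_index])
    return w_soft * temperature ** 2 * kl + w_hard * ce_hard + w_bb * ce_bb

def demo():
    # Constructed logits from three teacher sub-networks for a 3-class task.
    teachers = [[4.0, 1.0, 0.5], [3.5, 1.5, 0.2], [4.2, 0.8, 0.9]]
    soft = soft_label(teachers, temperature=4.0, weights=[0.5, 0.3, 0.2])
    # Student logits, data-set hard label (class 0) and black-box label (class 0).
    return student_loss([3.8, 1.2, 0.6], soft, 0, 0, temperature=4.0)

if __name__ == "__main__":
    print("student loss:", demo())
```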

Description

Technical field

[0001] The invention relates to a defense method for a neural network, in particular to a black-box attack defense method for a neural network based on knowledge distillation.

Background technique

[0002] Existing common black-box attacks are divided into transfer-based attacks that train a substitute model and decision-based attacks that estimate the gradient through multiple queries. After generating a substitute model close to the black-box model, or estimating a gradient close to that of the black-box model, both then use a mainstream white-box attack method to attack.

[0003] Most of the former need to know the training data set of the attacked model, as well as much information beyond the model's internal parameters, such as its inputs and outputs, when training the substitute model; this information, especially the training data set, is difficult to obtain in practical applications, or the number of acquisitions is limited, so the method of gener...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06N3/04, G06N3/08
CPC: G06F21/55, G06N3/08, G06N3/045
Inventors: 崔炜煜, 王文一, 李晓锐, 陈建文
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA